Distribution of digital objects, or objects for short, whether text, graphics, animation, video, audio or software (such as source code or machine code written in various programming languages), in magnetic, electronic, optical or any other medium is becoming popular. However, because such objects are in digital form, they are susceptible to third-party tampering that is difficult to detect. In many situations it is necessary for an end user to check an object received from another party, called the information provider in the present invention, against certain trust criteria before accepting and using the object. Trust criteria may include authentication of the object's date of creation, originality, integrity, type, and usage safety.
Most current practices in digital information dissemination do not provide end users with a means of reliably checking whether an object meets certain trust criteria. Popular but very dangerous ways of distributing software over the Internet are downloading software files using the file transfer protocol or electronic mail. A malicious attacker may modify the software or replace it with malicious software during transit, or may even post malicious software on a newsgroup or on a compromised machine. When the software is downloaded and run on an end user's machine, it has all the access rights of that user. For example, the malicious software may be designed to read the user's private files and send them to a designated network address. The malicious software may also infect the user's system if it contains a virus or network worm.
The danger of unchecked software distribution is aggravated by the advent of new programming language environments which allow architecturally neutral code to be dynamically loaded and run on a heterogeneous network of computers such as the Internet. In such an environment, a user's machine may dynamically download executable digital objects from various information providers and execute them locally. Running such executable digital objects without proper checking is like opening the door of one's house and inviting criminals in.
In response to this problem, a method for trusted distribution of software digital objects has been developed and is published in Aviel D. Rubin, "Trusted distribution of software over the Internet", pp. 47-53, Proceedings of the Symposium on Network and Distributed System Security, Feb. 16-17, 1995, San Diego, Calif. This method relies on a trusted third party, called a certification authority, to certify the originality and integrity of a software object; each individual object produced by an information provider is issued a separate certificate. In this method, an author, A, of a program registers a public key, K.sub.pub, with a trusted third party, T. T verifies the registration information by calling A on the telephone. To distribute a file, A sends T a message, signed using the private key, K.sub.pri, associated with K.sub.pub, containing the hash of the file, H, and other relevant information. T issues a signed certificate containing the name of the file and its hash value. When A receives the certificate, A stores it along with the file. This certificate is sent whenever a user retrieves the file, and the user uses the certificate to verify the integrity of the file.
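The exchange described above, written out as an added example; this code is not part of the present invention or of Rubin's paper. It assumes Ed25519 signatures and SHA-256 as the hash (the paper's choice of algorithms is not given here), a JSON encoding of the signed fields as the message format, and a Register step that stands in for the out-of-band (telephone) verification of A's K.sub.pub. The author name "alice", the file name "hello.sh" and the file contents are constructed. Beyond the exchange itself, the example also shows what the user's check rejects: a file altered in transit while carrying the original certificate, a certificate for the altered file that an attacker signed with a key of his own, and a certificate presented for a file of a different name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Request: A's message to T carrying the file name and hash H, signed with K_pri.
type Request struct {
	Author, FileName string
	Hash             [32]byte // SHA-256 of the file
	Sig              []byte   // A's signature over the other fields
}

// Certificate: T's signed statement of a file's name and hash; A keeps it beside the file and sends it with every download.
type Certificate struct {
	FileName string
	Hash     [32]byte
	Sig      []byte // T's signature over the other fields
}

// TrustedParty is the certification authority T.
type TrustedParty struct {
	pub        ed25519.PublicKey
	priv       ed25519.PrivateKey
	registered map[string]ed25519.PublicKey // author -> K_pub, verified out of band (by telephone in the paper)
}

// signable: the bytes a signature covers, i.e. the JSON encoding with Sig cleared. Struct field
// order is fixed, so the encoding is deterministic; value receivers keep the caller's Sig intact.
func (r Request) signable() []byte     { r.Sig = nil; b, _ := json.Marshal(r); return b }
func (c Certificate) signable() []byte { c.Sig = nil; b, _ := json.Marshal(c); return b }
func NewTrustedParty() *TrustedParty {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // error ignored: rand.Reader does not fail in practice
	return &TrustedParty{pub: pub, priv: priv, registered: map[string]ed25519.PublicKey{}}
}

func (t *TrustedParty) Register(author string, pub ed25519.PublicKey) { t.registered[author] = pub }

// NewRequest: A hashes the file and signs (author, name, hash) with K_pri.
func NewRequest(author string, priv ed25519.PrivateKey, name string, data []byte) Request {
	r := Request{Author: author, FileName: name, Hash: sha256.Sum256(data)}
	r.Sig = ed25519.Sign(priv, r.signable())
	return r
}

// Issue: T looks up A's registered K_pub, checks A's signature, and if it verifies
// signs a certificate over the file name and hash.
func (t *TrustedParty) Issue(r Request) (Certificate, error) {
	pub, ok := t.registered[r.Author]
	if !ok || !ed25519.Verify(pub, r.signable(), r.Sig) {
		return Certificate{}, fmt.Errorf("author %q: unregistered or bad signature", r.Author)
	}
	c := Certificate{FileName: r.FileName, Hash: r.Hash}
	c.Sig = ed25519.Sign(t.priv, c.signable())
	return c, nil
}

// Verify: the end user's check on every download. T's signature first, then name
// and hash; passing says nothing about what the code does once it runs.
func Verify(tPub ed25519.PublicKey, c Certificate, name string, data []byte) error {
	if !ed25519.Verify(tPub, c.signable(), c.Sig) {
		return fmt.Errorf("certificate signature does not verify")
	}
	if c.FileName != name {
		return fmt.Errorf("certificate is for %q, not %q", c.FileName, name)
	}
	if c.Hash != sha256.Sum256(data) {
		return fmt.Errorf("file hash does not match certificate")
	}
	return nil
}

// Scenario runs the exchange on a constructed file and returns the user's verdict on the genuine
// file, on a copy altered in transit, and on an altered copy whose certificate the attacker signed himself.
func Scenario() (genuine, tampered, forged error) {
	t := NewTrustedParty()
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader)
	t.Register("alice", aPub)
	file := []byte("#!/bin/sh\necho hello\n")        // constructed sample
	evil := []byte("#!/bin/sh\ncat ~/.ssh/id_rsa\n") // constructed sample
	cert, err := t.Issue(NewRequest("alice", aPriv, "hello.sh", file))
	if err != nil { panic(err) }
	genuine = Verify(t.pub, cert, "hello.sh", file)
	tampered = Verify(t.pub, cert, "hello.sh", evil)
	_, mPriv, _ := ed25519.GenerateKey(rand.Reader)
	fake := Certificate{FileName: "hello.sh", Hash: sha256.Sum256(evil)}
	fake.Sig = ed25519.Sign(mPriv, fake.signable())
	forged = Verify(t.pub, fake, "hello.sh", evil)
	return
}

func main() {
	genuine, tampered, forged := Scenario()
	fmt.Println(genuine, "|", tampered, "|", forged)
}
```

Two points of the exchange are visible in the code. Verify runs one public-key signature verification per download, on every end user's machine, before the hash is even compared; that per-download cost is what the objection below concerns. And a certificate that verifies establishes only that T vouched for this name and this hash: the constructed "evil" file would pass just as well had its author registered with T and requested a certificate for it, because nothing in the scheme examines what the code does.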
This method suffers from the fact that each time a digital object is downloaded, the corresponding certificate must be downloaded as well and verified by the end user. Certificate verification is a computationally intensive process requiring significant processing time. Not only is this method computationally costly, but it introduces additional delays in code execution which may be unacceptable in certain applications. Furthermore, this prior art scheme is restrictive in that it only provides authentication of the object's originality and integrity; no authentication of the usage safety of objects is provided.
Hence it would be highly desirable to have a method for trusted distribution of digital objects which is substantially faster and more computationally efficient, and which provides authentication of the object's usage safety as well as of its originality and integrity.